Bravo Greenpeace Switzerland! At Nestlé's annual
shareholder meeting 2010 last week, you descended from the ceiling
in the middle of the presentations with flyers and a banner asking
for the company to take responsibility for their reckless actions
in Indonesia.

Thousands of square kilometres of forest are cleared every day
so that companies like Nestlé can make vast sums of money off
consumers.


Meanwhile, orangutans outside the
venue were protesting Nestlé and asking for a break (copying
Nestlé's own slogan "Have a Break! Have a …"). The orangutans are
pushed towards extinction by capitalist interests.

One of my closest friends was part of the act, and he recounts
breaking into the ventilation system before sawing through the
ceiling, and descending on a rope. The police detained them for
more than 24 hours, but the message has been sent.

My relationship with Puppet is one of love
and hate. I am forced to use it simply because there is no better
tool around, but I hate it in so many ways that I don't even want
to start to enumerate (hint: most have to do with Ruby,
actually).

Today I decided to put an end to one thing that has been driving
me insane: the fact that puppetd (the client) and
puppetmasterd (the server) use the same working
directory, /var/lib/puppet. Since I consider, and would
like to treat, the machine on which puppetmasterd is
running as just another puppet client, I was running into funky issues
related to SSL certificate
confusion, obscure
errors, and SSL revocation
horrors.

The following hence assumes that you have installed or are
planning to install puppetd on the machine running
your puppetmaster, and that you have two fully-qualified domain
names for the machine. For instance, I run puppetmaster on
vera.madduck.net, and
puppetmaster.madduck.net is an alias for the same
machine. I'll use these names in the following as examples.

The following may be Debian-specific, as I am solely using the
puppet and puppetmaster packages
for my experimentation and verification. Your mileage may vary, but
the concept shall be the same.

I am doing this in [main], planning to override it
for puppetd later, because puppetd is the
only program which makes sense to be separated from the rest. Since
only the puppetmaster needs a special certificate name, that is set
specifically in the [puppetmasterd] section.

If you use apache2 or nginx in front of your
puppetmasters, make sure to amend the SSL file locations in the
virtual host definition and restart (!) the service.

You can verify that the configuration has been amended by making
sure that there is no output from the following command:

The most
common criticism of the
Anti-Counterfeiting Trade Agreement (ACTA) is the lack of
transparency. Before the nations disclose the terms of the
agreement under negotiation, we are unable to gain an idea of the
big picture, let alone voice our opinions and push for changes. Our
politicians don't want us to know. We rely on leaked documents for
our information. This is backwards in a world where a state should
represent its people. This smells foul to me.

There are undoubtedly some good reasons for the treaty, and if
we can contain worldwide, large-scale trade of counterfeited goods
and medicine, then that would be a net benefit to us all. However,
we must not allow certain governments to succumb to the pressure of
(commercially-motivated) lobbyists, to extend that pressure onto
other nations using trade as a means of pressure, and to slash our
freedom as if it were an inconvenient obstacle in their way.

Only if the terms under negotiation become publicly available,
and the public is given a voice, can we help our governments
in entering an agreement that is in the interest of their people,
rather than a threat to us.

ISPs fight a raging war over net neutrality
because their infrastructure cannot keep up with the increasing
demand (or rather supply) of content. Therefore, ISPs want to
charge the users premiums if they wish to use certain services on
the Net. For instance, since videos are usually large in size, one
would have to purchase e.g. the "platinum package" to be able to
access video hosting sites. It would be a serious loss of freedom
if they won, and the Internet would never be the same.

Let's turn that idea around: since sites that use advertising
make money off every visitor, they are really the ones that should
pay the ISPs so that they can improve their infrastructure. The
same applies to sites that make money off visitors in other
ways.

At the moment, users pay to access the network (which is like
paying a taxi to get to the market), so that they can visit sites
where advertisers make money showing ads to the visitor, which
might actually lead them to pay a manufacturer for a product — the
end user pays twice, and the advertisers take in money, leeching
off the ISPs investing in their infrastructure.

I think that the advertiser and not the consumer should pay the
ISP to keep the infrastructure afloat — improve it even. The
manufacturer should then pay the advertisers for displaying the ad,
and the user consumes if s/he chooses to — and everyone only pays
once, for services they want. This will help improve competition
among providers, which should always be the goal.

If my ISP would start to record the volume of HTTP traffic I
produce for each target site, charge the targets appropriately
(they could start with a couple at first), and I'd get free
connectivity in turn, I'd be quite happy. The ISP wouldn't have to
look at the contents at all for that.

I don't yet know what to do if the target sites choose not to
pay up. ISPs could block them, or throttle or deprioritise traffic,
but either of those might simply lead to an exodus of users, just
like "premiums" would.

As usual, this just needs to be done by many ISPs in concert.
Are you listening?

The coffee place around the corner from where Penny and I lived for the past two months
— Caffé Mode — offers to make your food using free-range eggs for
NZ$1. Free-range eggs are more expensive than normal ones, but the
price difference is not one dollar. Therefore, the cafe makes a
profit every time a customer makes the right choice.

I went in this morning to ask them about it, and the guy taking
my coffee order admitted stalemate. When I suggested that the cafe
should use free-range eggs exclusively, he agreed. Let's hope that
he lets those making that decision know, and that the cafe soon
stops making money on ethical choices.

Tomorrow, Penny and I head off
back home, and two months of living in NZ come to an end. (did you
hear that, pleaserobme.com?)

Maybe I'll find the time to write about my impressions of living
on this side of the planet, and being immersed in Kiwi culture
while going after my daily routine and trying to work as much as I
could. But there is one thing that should not wait:

Thank you, Catalyst IT for
giving us workspaces! For the better part of 6 weeks, you gave us
our own room, monitors, keyboards, mice, and connectivity. And more
than that: you welcomed us, let us participate in sessions, invited
us to your parties, received our parcels, sent out letters, and
generally provided us with a great environment to work. This was
certainly well above what we had dreamed of.

At times, I was forced to stay until the middle of the night — 12
hours time difference with Europe is not always easy — and spent
waking hours in your building alone. Thank you for your trust!

Catalyst is a fully New Zealand owned company who deliver
critical open source business systems to some of NZ's largest
organisations, and organisations worldwide. Catalyst was also a
major enabler of LCA2010, and a
sponsor of Kiwi Foo Camp,
both events that I had the privilege to attend.

Shortly after I wrote my
last article about ACTA and the lack of transparency, I was
delighted to find out that a report of the recent negotiations in
Mexico has been leaked. I find it a bit disconcerting that our
politicians, who are theoretically supposed to represent our
interests, are writing documents that can "leak" to the public,
when they should have been available to the public from the
start.

A brief report from the European Commission authored by Pedro
Velasco Martins (an EU negotiator) on the most recent round of ACTA
negotiations in Guadalajara, Mexico has leaked, providing new
information on the substance of the talks, how countries are
addressing the transparency concerns, and plans for future
negotiations. (read
more…)

Dear lazyweb: I am in search of a mailing list for discussion on
matters related to digital identity and privacy in the information
age. Unfortunately, my (limited) searching has not unveiled
results, mostly because many mailing lists have "privacy
agreements" or somesuch, polluting the results with pointers to
those.

If you know such a list, or you don't but you are interested in
the topic, don't hesitate to drop me a line. I will
then either let you know when my search was successful, or
subscribe you when I have created a list to fill the void.

Right now, your government is probably engaged in the discussion
of the
Anti-Counterfeiting Trade Agreement (ACTA). You are likely not
aware of that because your government has been actively
keeping these negotiations and details surrounding them
secret.

The goals of the "trade agreement" that is being negotiated are
multifarious, but essentially seem to centre around challenges
related to intellectual property, and copyright in the digital age,
even though it is sometimes claimed that the agreement serves
primarily to contain trade of fake Prada bags and Rolex
watches.

In reality, ACTA is about content producers like movie studios,
who try everything to prevent you
from copying their work without paying for it — even if you cannot
actually purchase the work, because of e.g. technical
measures designed to prevent certain people from legally obtaining
content, or simply because the media companies are greedy and
consider it PR-savvy to delay the release of a given work in
certain countries until after people have had a chance to pay a lot
of money to the cinemas.

In theory, a creative work goes out of copyright 50 or 75 years
after its author died, depending on whether the creativity can be
attributed to a person or a corporation, respectively. Therefore,
50 or 75 years after creation, it gets increasingly hard to
monetise a work that has not been reinvented in that period of
time.

Sounds plausible to you and me, but this sort of stuff frightens
companies like Disney, who seem powerful enough to simply
have the law changed. That is not how things should work.

The media producers are failing to control the Internet, and
hence they want to turn it into something more like cable TV, which
they do know how to control.

ACTA aims to make copyright infringement a criminal offence.

ACTA wants to make it possible for a government to cut you off
the Internet because someone thinks you did something bad — they
don't actually have to prove it though, accusation is enough.
Similar efforts have already failed all over the world, e.g. in
France and
New Zealand. That's a sign, not a reason to try again.

ACTA wants to set in stone that you have absolutely no rights
when you cross borders. This is largely already the case — border
officials can pretty much do with you whatever they want — now it's
supposed to be made official, and legally binding.